Virtualization/Sandbox Evasion
Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may u...
BY SOURCE
PROCEDURES (10)
Auto-extracted: 4 detections for general monitoring
Auto-extracted: 2 detections for unusual
Auto-extracted: 2 detections for general monitoring
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for parent process
Auto-extracted: 1 detections for evasion
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for script execution monitoring
Auto-extracted: 1 detections for evasion